
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49209 affects the Linux kernel's BPF (Berkeley Packet Filter) subsystem, specifically in the sockmap functionality. The vulnerability was discovered in the tcp_bpf_sendmsg function where a memory leak occurs when the socket message (sk_msg) is full. When sk_msg_alloc() returns -ENOMEM error and tcp_bpf_sendmsg() goes to wait_for_memory, if partial memory has been allocated by sk_msg_alloc(), a memory leak occurs when msg_tx->sg.size is greater than osize after sk_msg_alloc() (Kernel Git).
The vulnerability exists in the sk_msg_alloc() function where memory allocation for socket messages is handled. When the socket message buffer is full and memory allocation fails with -ENOMEM, the code path fails to properly clean up partially allocated memory before going into wait_for_memory state. This issue affects other call paths of sk_msg_alloc() as well, such as tls_sw_sendmsg(). The fix involves using sk_msg_trim() to release the allocated memory before going to wait for memory state (Kernel Git).
The memory leak can lead to resource exhaustion over time, potentially affecting system stability and performance. The issue manifests through kernel warnings and can be triggered during socket operations, particularly when the system is under memory pressure (Kernel Git).
The issue has been fixed in the Linux kernel by adding proper memory cleanup using sk_msg_trim() in the sk_msg_alloc() function. The fix ensures that any partially allocated memory is properly released before entering the wait_for_memory state. Users should update to a patched kernel version that includes the fix (Kernel Git).
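The partial-allocation leak and the trim-back-to-osize fix described above can be modelled in user space. This is an added illustration, not kernel code and not taken from the patch: the toy_* types and functions, CHUNK and the budget figures are hypothetical stand-ins for the socket's memory accounting.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define CHUNK 4096 /* constructed allocation granule */

/* Toy stand-ins for struct sock and struct sk_msg (assumed, simplified). */
struct toy_sock { size_t budget; size_t charged; };
struct toy_msg  { size_t size; };

/* Shrink msg to len and hand the surplus back to the socket's accounting. */
static void toy_msg_trim(struct toy_sock *sk, struct toy_msg *msg, size_t len)
{
    if (msg->size <= len)
        return;
    sk->charged -= msg->size - len;
    msg->size = len;
}

/* Grow msg to len in CHUNK steps. Fails with -ENOMEM when the budget runs
 * out; trim_on_error selects the patched behaviour (roll back to osize). */
static int toy_msg_alloc(struct toy_sock *sk, struct toy_msg *msg,
                         size_t len, int trim_on_error)
{
    size_t osize = msg->size;

    while (msg->size < len) {
        size_t use = len - msg->size < CHUNK ? len - msg->size : CHUNK;

        if (sk->charged + use > sk->budget) {
            if (trim_on_error)
                toy_msg_trim(sk, msg, osize);
            return -ENOMEM; /* caller would now go to wait_for_memory */
        }
        sk->charged += use;
        msg->size += use;
    }
    return 0;
}

/* Bytes still held above osize after a failed allocation under pressure. */
size_t stranded_after_enomem(int trim_on_error)
{
    struct toy_sock sk = { .budget = 3 * CHUNK, .charged = CHUNK };
    struct toy_msg msg = { .size = CHUNK };
    size_t osize = msg.size;

    if (toy_msg_alloc(&sk, &msg, 5 * CHUNK, trim_on_error) != -ENOMEM)
        return (size_t)-1;
    return msg.size - osize;
}

int main(void)
{
    printf("unpatched: %zu bytes stranded\n", stranded_after_enomem(0));
    printf("patched:   %zu bytes stranded\n", stranded_after_enomem(1));
    return 0;
}
```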
Source: This report was generated using AI